
Security Token

Security Token. Brief Profile Proposal for 2009/10 presented to the IT Infrastructure Planning Committee Rob Horn, Agfa Healthcare 28 September 2009. The Problem. From the Access Control Whitepaper:


Presentation Transcript


  1. Security Token
     Brief Profile Proposal for 2009/10, presented to the IT Infrastructure Planning Committee
     Rob Horn, Agfa Healthcare
     28 September 2009

  2. The Problem
     • From the Access Control Whitepaper:
     • IHE should define a framework for the definition of interoperable “get X-Assertion” and “provide X-Assertion” transactions. This framework should consider two different levels of trust: direct trust (X-Service User consumes X-Assertion) and brokered trust (X-Service User as intermediary between X-Service Provider and Security Token Provider).

  3. Use Case
     • Access control information (e.g., subject attributes, policies) which is exchanged between ACSs, must be safeguarded by encapsulating them into security tokens. Encapsulation enables any involved ACS to attest the trustworthiness of each piece of information.

  4. Fuller Use Case
     [Diagram. Labels: scope; XUA; Provide X-Assertion; X-Service Provider; Other Actor; Validate X-Assertion; Get X-Assertion; New STS WS-Trust transactions; STS]

  5. Proposed Standards & Systems
     • SAML
     • WS-Trust

  6. Discussion
     • This profile is similar to some other ITI profiles in that it defines abstract actors that encapsulate and exchange information. Specific concrete actors and profiles will specify precise details regarding the attributes needed in a specific situation.
     • Limit initial scope to XDS environment
     • What level of effort do you foresee in developing this profile?
     • Medium
     • Should this combine with PEP/PDP cookbook or be separate?
     • Co-editor: Rob Horn – Agfa Healthcare
